There are many different types of penetration test software, and penetration testers often make use of both specialized applications and programs that are widely available to the general public. Since there are a number of steps typically associated with penetration testing, each phase requires different types of software. The basic categories that most types of penetration test software fall into are port, vulnerability, and application scanners. Some of these programs are only capable of scanning, while others can also be used to initiate attacks on any vulnerabilities that are discovered. Basic software tools, such as email programs, can also be useful in carrying out the social engineering aspect of penetration testing.
Penetration testing is a blanket term that covers a wide variety of activities, all of which are aimed at helping to secure online data, servers, and applications. Other terms for penetration testing include "white hat" and "ethical" hacking, since penetration testers use many of the same tools commonly employed by malicious hackers. The difference is that penetration testers are hired to identify weaknesses and vulnerabilities so that they can be secured before an actual attack can occur.
The process of penetration testing includes a number of different steps, and there are many different types of technology and software that can be penetration tested. That means penetration testing can make use of many different types of software. Port scanners are one of type of penetration test software commonly used during the information gathering phase. This type of software is designed to scan a remote host for any open ports, which may be targeted during an attack. Port scanning software can typically also be used to determine what operating system (OS) is running on the remote host.
Vulnerabilities scanners are another commonly used type of penetration test software. This type of software is typically programmed with a number of known vulnerabilities. If a remote host has any of these vulnerabilities, then the software can be set to implement a number of potential exploits and attacks. This type of software is sometimes also combined with a port scanner, which can streamline the penetration testing workflow.
In other situations, a type of penetration test software known as an application scanner can also be useful. This type of software can scan web-based applications, and then try to carry out a number of different attacks. Some common attacks employed by application scanners include cookie manipulation, structured query language (SQL) insertion, and buffer overruns.
Some penetration testing also has a social engineering aspect that may, or may not, make use of any software. This type of penetration testing can effectively locate any human security weaknesses, and testers often use deceptive techniques in order to access sensitive information. Email software is sometimes used to make contact, though this type of penetration testing often uses telephone conversations, and even physical interactions, in order to access valuable data.